Secure authentication of a user using a mobile device

US 9,642,005 B2
Filed: 05/21/2012
Issued: 05/02/2017
Est. Priority Date: 05/21/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A non-transitory computer-readable medium embodying a computer program for authenticating a user based on a mobile device by a server data processing system, the computer program comprising computer-readable program code for:

generating, by the server data processing system, a first message including a first session identifier uniquely identifying a session established between the server data processing system and a user data processing system, the user data processing system including a physical interface, the user data processing system separate from the mobile device;

sending the first message to the user data processing system for delivery to the mobile device through the physical interface of the user data processing system;

in a first authentication mode, authenticating, by the server data processing system, the user for the session based on receiving a response message including a second session identifier, a user identifier, and a digital signature based on a private key of the mobile device associated with the user, the response message being received through an interface that is separate from the user data processing system;

matching the first session identifier and the second session identifier; and

identifying that the response message includes the digital signature based on the private key of the mobile device; and

in a second authentication mode that is different than the first authentication mode, authenticating, by the server data processing system, the user for the session based on receiving, from the user data processing system through the session, an authentication code generated by the mobile device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-readable medium embodies a computer program for authenticating a user. The computer program comprises computer-readable program code for: generating a first message including an identifier for a session, sending the first message through an interface associated with the session, receiving a response message including the identifier for the session, a user identifier, and at least a portion encrypted using a private key associated with a mobile device associated with the user, and authenticating the user in response to identifying that the response message includes at least the portion encrypted using the private key associated with the mobile device.

71 Citations

View as Search Results

27 Claims

1. A non-transitory computer-readable medium embodying a computer program for authenticating a user based on a mobile device by a server data processing system, the computer program comprising computer-readable program code for:
- generating, by the server data processing system, a first message including a first session identifier uniquely identifying a session established between the server data processing system and a user data processing system, the user data processing system including a physical interface, the user data processing system separate from the mobile device;
  
  sending the first message to the user data processing system for delivery to the mobile device through the physical interface of the user data processing system;
  
  in a first authentication mode, authenticating, by the server data processing system, the user for the session based on receiving a response message including a second session identifier, a user identifier, and a digital signature based on a private key of the mobile device associated with the user, the response message being received through an interface that is separate from the user data processing system;
  
  matching the first session identifier and the second session identifier; and
  
  identifying that the response message includes the digital signature based on the private key of the mobile device; and
  
  in a second authentication mode that is different than the first authentication mode, authenticating, by the server data processing system, the user for the session based on receiving, from the user data processing system through the session, an authentication code generated by the mobile device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computer-readable medium of claim 1, the computer program further comprising computer-readable program code for:
    - encoding the first message into an optically-scannable image.
  - 3. The computer-readable medium of claim 2, wherein the session is a web session on a website and the optically-scannable image is presented on a login web page of the website as the physical interface of the user data processing system.
  - 4. The computer-readable medium of claim 1, wherein the first message is sent using one of:
    - a near field communications (NFC) link and a limited distance point-to-point radio.
  - 5. The computer-readable medium of claim 1, wherein the computer-readable program code for authenticating the user for the session comprises computer-readable program code for:
    - sending, using the server data processing system associated with a third party, an approval message to a data processing system associated with an entity, wherein the response message is received by the server data processing system associated with the third party.
  - 6. The computer-readable medium of claim 1, wherein the first message is transmitted as audio.
  - 7. The computer-readable medium of claim 1, wherein the computer-readable program code for authenticating the user for the session comprises computer-readable program code for:
    - determining whether the response message was received within a threshold amount of time since the first message was generated; and
      
      authenticating the user for the session in response to determining that the response message was received within the threshold amount of time.
  - 8. The computer-readable medium of claim 1, the computer program further comprising computer-readable program code for:
    - identifying when a period of time has lapsed since the first message was generated;
      
      generating a second message including a third session identifier for the session in response to identifying that the period of time has lapsed; and
      
      sending the second message to the user data processing system for delivery to the mobile device through the physical interface of the user data processing system.
  - 9. The computer-readable medium of claim 1, the computer program further comprising computer-readable program code for registering, before generating and sending the first message, a public key associated with the mobile device;
    - wherein the computer-readable program code for authenticating the user for the session in response to identifying that the response message includes the digital signature based on the private key of the mobile device comprises computer-readable program code for authenticating the user for the session in response to identifying that the digital signature is validated with the registered public key associated with the mobile device.
  - 10. The computer-readable medium of claim 9, further comprising computer-readable program code for using the user identifier to identify the registered public key associated with the mobile device.
  - 11. The computer-readable medium of claim 1, wherein the authentication code is generated and sent, by the server data processing system, in a second message to the user data processing system for delivery to the mobile device through the physical interface of the user data processing system.
  - 12. The computer-readable medium of claim 11, wherein the authentication message is encrypted with a public key associated with the mobile device.

13. A non-transitory computer-readable medium embodying a computer program for facilitating authentication of a user by a mobile device, the computer program comprising computer-readable program code for:
- receiving, by the mobile device, through a physical interface associated with a session, a first message including a session identifier uniquely identifying the session, the session established between a server data processing system and a user data processing system, the user data processing system including the physical interface, the user data processing system separate from the mobile device;
  
  in a first authentication mode, facilitating, by the mobile device, authentication of the user for the session identified by the unique session identifier based on generating, by the mobile device, a response message including the unique session identifier, a user identifier, and a digital signature based on a private key of the mobile device associated with the user; and
  
  sending, by the mobile device, the response message through an interface separate from the user data processing system to a specified party to request authentication of the user for the session that is on the user data processing system and identified by the unique session identifier; and
  
  in a second authentication mode that is different than the first authentication mode, facilitating, by the mobile device, authentication of the user for the session identified by the unique session identifier based on displaying, by the mobile device, an authentication code for entry of the authentication code into the user data processing system through the session, the entry of which via the user data processing system through the session requests authentication of the user for the session identified by the unique session identifier.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 14. The computer-readable medium of claim 13, the computer program further comprising computer-readable program code for:
    - identifying the first message from an optically-scannable image.
  - 15. The computer-readable medium of claim 14, wherein the session is a web session on a website and the optically-scannable image is presented on a login web page of the website as the physical interface of the user data processing system.
  - 16. The computer-readable medium of claim 13, the computer program further comprising computer-readable program code for receiving the first message using one of:
    - a near field communications (NFC) link and a limited distance point-to-point radio.
  - 17. The computer-readable medium of claim 13, the computer program further comprising computer-readable program code for:
    - requesting an input from the user to verify that the user is an authorized user of the mobile device.
  - 18. The computer-readable medium of claim 17, wherein the input is at least one of a personal identification number, a password, a biometric input, a predefined gesture on a touch screen of the mobile device, and a predefined pattern of movement of the mobile device.
  - 19. The computer-readable medium of claim 13, the computer program further comprising computer-readable program code for:
    - displaying a list of user identifiers for the user in response to identifying that the user has more than one user identifier for authentication; and
      
      receiving a selection of the user identifier to be included in the response message.
  - 20. The computer-readable medium of claim 13, the computer program further comprising computer-readable program code for:
    - displaying a request for confirmation of the request for the authentication of the user for the session,wherein sending the response message to request authentication of the user for the session is performed in response to receiving a user input comprising the confirmation.
  - 21. The computer-readable medium of claim 13, wherein the response message is encrypted using a public key associated with the specified party.
  - 22. The computer-readable medium of claim 13, the computer program further comprising computer-readable program code for identifying the first message from audio received by the mobile device.

23. A non-transitory computer-readable medium embodying a computer program for facilitating authentication of a user based on a mobile device by a third party data processing system, the computer program comprising computer-readable program code for:
- receiving, by the third party data processing system, a request for authentication from an entity data processing system associated with an entity, the entity associated with a first session identifier uniquely identifying a session established between the entity data processing system and a user data processing system, the user data processing system including a physical interface, the user data processing system separate from the mobile device;
  
  in a first authentication mode, facilitating, by the third party data processing system, authentication of the user for the session based on receiving, from the mobile device, a message including a second session identifier, a user identifier, and a digital signature based on a private key of the mobile device; and
  
  in response to matching the first session identifier received from the mobile device with the second session identifier associated with the entity, sending a response message to the entity data processing system associated with the entity; and
  
  in a second authentication mode that is different than the first authentication mode, facilitating, by the third party data processing system, authentication of the user for the session based on receiving, from the entity data processing system via the user data processing system through the session, an authentication code generated by the mobile device; and
  
  sending a response message to the entity data processing system associated with the entity.
- View Dependent Claims (24, 25)
- - 24. The computer-readable medium of claim 23, wherein the request for authentication received from the entity data processing system includes the first session identifier associated with the entity.
  - 25. The computer-readable medium of claim 23, the computer program further comprising computer-readable program code for sending the first session identifier associated with the entity to the entity data processing system in response to receiving the request for authentication.

26. A server data processing system for authenticating a user based on a mobile device, the server data processing system comprising:
- at least one memory configured to store program code;
  
  at least one communication unit; and
  
  at least one processor configured to execute the program code to cause the data processing system to;
  
  generate a first message including a first session identifier uniquely identifying a session established between the server data processing system and a user data processing system, the user data processing system including a physical interface, the user data processing system separate from the mobile device;
  
  send, via the at least one communication unit, the first message to the user data processing system for delivery to the mobile device through the physical interface of the user data processing system;
  
  in a first authentication mode, authenticate the user for the session based on receipt, via the at least one communication unit, of a response message including a second session identifier, a user identifier, and a digital signature based on a private key of a mobile device associated with the user, the response message being received through an interface that is separate from the user data processing system;
  
  the first session identifier and the second session identifier matching; and
  
  identification that the response message includes the digital signature based on the private key of the mobile device; and
  
  in a second authentication mode that is different than the first authentication mode, authenticate the user for the session based on receipt, from the user data processing system through the session, an authentication code generated by the mobile device.
- View Dependent Claims (27)
- - 27. The server data processing system of claim 26, wherein the at least one processor is further configured to execute the program code to cause the server data processing system to encode the first message into an optically-scannable image.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nexiden Inc.
Original Assignee
Nexiden Inc.
Inventors
Fosmark, Klaus S., Perry, Jr., William A.
Primary Examiner(s)
Poltorak, Peter

Application Number

US13/476,886
Publication Number

US 20130311768A1
Time in Patent Office

1,807 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/41   where a single sign-on prov...

G06F 2221/2103   Challenge-response

G06F 2221/2115   Third party

G06Q 20/027   involving a payment switch ...

G06Q 20/3223   Realising banking transacti...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/4014   Identity check for transact...

H04L 9/3271   using challenge-response

H04W 12/06   Authentication

H04W 12/77   Graphical identity

Secure authentication of a user using a mobile device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

71 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Secure authentication of a user using a mobile device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links